Fortinet FortiPortal Improper Certificate Validation Vulnerability Allowing Man-in-the-Middle Interception and Tampering

Vulnerability

An improper certificate validation vulnerability has been identified in Fortinet FortiPortal versions 7.4.0, 7.2.4 and below, 7.0.8 and below, and 6.0.15 and below. The flaw is exposed when FortiPortal connects to a FortiManager device, a FortiAnalyzer device, or an SMTP server. It may allow an unauthenticated attacker in a man-in-the-middle position to intercept and tamper with the encrypted communication channel between FortiPortal and these endpoints.

Impact

Exploitation of this vulnerability could lead to interception and manipulation of encrypted communications between FortiPortal and FortiManager, FortiAnalyzer, or an SMTP server.
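
For teams reviewing their own outbound integrations for the same class of flaw, the following added example (not Fortinet's code and not part of the advisory) audits a Python client-side TLS context for the two checks whose absence makes an encrypted channel interceptable: chain verification and hostname matching. The advisory does not say which check FortiPortal omits; the function names and the SMTP submission port 587 are assumptions made for illustration.

```python
import smtplib
import ssl

def audit_client_context(ctx: ssl.SSLContext) -> list:
    """List the certificate-validation gaps in a client-side TLS context."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain not verified: any certificate is accepted")
    if not ctx.check_hostname:
        findings.append("hostname not checked: a valid certificate for another name is accepted")
    return findings

def hardened_context(cafile=None) -> ssl.SSLContext:
    """Verify the chain against trusted CAs (or a private CA file) and match the hostname."""
    return ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)

def no_validation_context() -> ssl.SSLContext:
    """Weak setting: the channel is encrypted but the peer is never authenticated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before verify_mode can be lowered
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def chain_only_context() -> ssl.SSLContext:
    """Subtler weak setting: the chain is verified but the name on the certificate is ignored."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.check_hostname = False
    return ctx

def open_smtp(host: str, ctx: ssl.SSLContext, port: int = 587) -> smtplib.SMTP:
    """Refuse to open a session on a context that fails the audit (host and port are caller-supplied)."""
    problems = audit_client_context(ctx)
    if problems:
        raise ValueError("; ".join(problems))
    conn = smtplib.SMTP(host, port, timeout=10)
    conn.starttls(context=ctx)  # the handshake fails on an untrusted or mismatched certificate
    return conn

if __name__ == "__main__":
    for name, ctx in [("hardened", hardened_context()),
                      ("no validation", no_validation_context()),
                      ("chain only", chain_only_context())]:
        print(name, "->", audit_client_context(ctx) or "ok")
```

The audit runs before any socket is opened, so it can be used in a unit test or a startup check for any service that dials out to management devices or mail relays.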

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM